Banking Blog

Hackers empty $900K bank account

In itself, a distributed denial of service, or DDoS, attack on a bank's website is little more than costly hooliganism. It essentially consists of hackers ordering a bunch of malware-infected computers to "click" on a bank's website until it's too overwhelmed to respond to legitimate users.

The effect is pretty similar to a barricade across the entrance to your bank: You can't get in, but your money is still safe inside the bank.

But what if thieves used a DDoS attack as cover for a more harmful attack that did actually compromise customer checking accounts? That appears to be exactly what happened to a customer of Bank of the West, according to a report from security blogger Brian Krebs:

A Christmas Eve cyber-attack against the website of a regional California financial institution helped to distract bank officials from an online account takeover against one of its clients, netting thieves more than $900,000.

At approximately midday on Dec. 24, 2012, organized cyber crooks began moving money out of corporate accounts belonging to Ascent Builders, a construction firm based in Sacramento, Calif. In short order, the company's financial institution -- San Francisco-based Bank of the West -- came under a large distributed denial of service (DDoS) attack …

There were 62 individuals suckered in to acting as "mules" for the stolen money, according to Krebs.

It's standard operating procedure for scammers to recruit unsuspecting individuals and businesses ("make big money working from home!") to accept a substantial deposit from thieves and wire the bulk of it overseas, keeping a portion for themselves as payments. Typically, the money clears and the mule completes the transfer, only to have the authorities catch up with them and claw back the money, leaving them on the hook for most of the losses.

Obviously, you never want to agree to accept and transfer cash as these mules did. Aside from the legal implications of engaging in what amounts to money laundering, what good are promised payoffs if they're going to be clawed back later?

Another important step to avoid having your account on the receiving end of this type of coordinated attack is having up-to-date antivirus software installed on your computer. Krebs writes that the thieves may have gained access to Ascent Builders' bank logins using malware surreptitiously installed on its computers. And you don't want that happen to you, especially on Christmas Eve.

What do you think? Do you worry about online thieves draining your accounts? What precautions do you take to prevent that from happening?

Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.

147 Comments

Micheleg

March 14, 2013 at 9:18 am

Dave,
You must live in a low crime area.
Most people would be afraid of being robbed.
On the other hand, maybe you don't have much.

Mike

March 14, 2013 at 12:23 am

A trick I now use is to use a prepaid credit card that is not tied to any of my other accounts. It doesn't evan have my name on it. If I need to pay by CC then the most they could possibly get is the small amount that I transfer for that days needs.

ps: that cash this check scheme and keep 10% of it is a decade old scam. Keep yourself informed.

Tim

March 12, 2013 at 10:18 pm

w0w Dave.
How do you book a hotel and flight to Tokyo or ANYWHERE without a credit card?
Even if you have millions>>>>how do you book ANYTHING in advance without a credit card?
Many of us use credit cards just for that and pay it off immediately and never have a balance.
You don't actually believe do you that those that use credit cards are miscreants do you?

J. Doe

March 12, 2013 at 11:49 am

day late and dollar short. hackers have used ddos as a cover for many different types of attacks for a long time. the fact is banks are wide open targets.

l.d. smith

March 12, 2013 at 1:26 am

dave, cash is great....yet makes it hard to run around paying bills..i know u have utilities to pay,eh? and sometimes ur charged more for paying in cash..

i have a ck.ing acc. only-- for the amount of my bills..nothing more..i find it easier to write a ck. than use my gas & time to
pay each one...

tomgoerke

March 12, 2013 at 12:42 am

Having it clawed back ? Say what ? I got scammed for $9,000 and I knew who the person was who received the money and kept 10 % and wire the balance on. The cops said there was nothing I could do even about getting the $900 back. This story does not make sense as it alleges that the "mules" have to pay all the scammed money back.

Paul Mason

March 12, 2013 at 12:06 am

Hmmmmm. I notice that Russia is buying more gold than anyone else, for years now.

I wonder if I should "SEE" if I can get a savings account or checking account denominated in Russian Rubles? But that country is totally crooked, so would I lose all my money?

What should I do? I don't trust the LEF's. And I don't want robbers coming to take "actual gold ingots or gold coins" from my house --- so I do NOT keep any cash or gold at my house.

I can see that the dollar is going down the tubes, but what should I do about it?

Paul the Mg Librarian

Clare

March 11, 2013 at 9:16 pm

i got a $900 "post office money order" that some ding dong wanted me to cash for him. duh. what idiot would do that sort of thing? that's the real issue. be sure to keep up with what happens if one of your cards gets stolen from you, etc. and don't respond to dingy stuff in your mail about cashing some instrument at YOUR bank and sending the money elsewhere. you have a brain; use it!

Michael Cohen

March 11, 2013 at 8:54 pm

I am against on line banking or paying any bills on line, but the system will try to force me and everybody else to so. Paper bills and checks will not exist in the future. Right now there are no more SS checks; everything is electronic and has to go to your bank account.
As for the banks, they are getting rid of their tellers and are trying to force you to use their ATMs for all your transactions. Electric companies are going to charge you a fee if you want to pay by check instead of online.
As much as I hate to do anything online, we will be forced to do so in the future and we can expect our accounts to be robbed constantly with no or little compensation.

Dave

March 11, 2013 at 3:54 pm

I don't worry at all. I have NO credit cards, and I also have NO bank account. I pay CASH for everything. If I don't have enough money to buy something, I don't buy it. Seems like a much easier way to live if you ask me. I'd spend at least 10% of my time trying to keep people from robbing me, including the banks. This way, I have NO WORRIES! I love it.

Bankrate.com is an independent, advertising-supported publisher and comparison service. Bankrate may be compensated in exchange for featured placement of certain sponsored products and services, or your clicking on certain links posted on this website.